package com.kaifamiao.wendao.servlet;

import com.kaifamiao.utils.StringHelper;
import com.kaifamiao.wendao.entity.Customer;
import com.kaifamiao.wendao.service.CustomerService;

import javax.servlet.RequestDispatcher;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

@WebServlet( "/customer/sign/in" )
public class CustomerSignInServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request , HttpServletResponse response )
            throws ServletException, IOException {
        String path = "/WEB-INF/pages/customer/sign-in.jsp" ;
        RequestDispatcher dispatcher = request.getRequestDispatcher( path );
        dispatcher.forward( request , response );
    }

    @Override
    protected void doPost( HttpServletRequest request , HttpServletResponse response )
            throws ServletException, IOException {
        HttpSession session = request.getSession();
        final String uri = request.getContextPath() + "/customer/sign/in" ;
        // 若请求参数未通过校验
        if( !this.validate( request ) ) {
            // 则重定向到登录页面
            response.sendRedirect( uri );
            return;
        }

        // 获取请求参数
        String username = request.getParameter( "username" );
        String password = request.getParameter( "password" );

        CustomerService cs = new CustomerService();

        Customer c = cs.load( username );
        if( c == null ) {
            session.setAttribute( "username" , username );
            session.setAttribute( "message" , "用户名错误" );
            response.sendRedirect( uri );
            return;
        }

        // 使用数据库中存储的盐值对用户在界面上输入的密码进行混淆并加密
        String encrypted = cs.process( password , c.getSalt() );
        // 将加密后的字符串与数据库中保存的密码进行比较
        if( !encrypted.equals( c.getPassword() ) ) {
            session.setAttribute( "username" , username );
            session.setAttribute( "message" , "用户名错误" );
            response.sendRedirect( uri );
            return;
        }

        // 将整个 Customer 对象作为值添加到 会话的属性中
        session.setAttribute( "customer" , c );
        // 登录成功后去往 话题列表页面
        response.sendRedirect( request.getContextPath() + "/topic/list" );
    }

    private boolean validate( HttpServletRequest request ){
        HttpSession session = request.getSession();

        String username = request.getParameter( "username" );
        // username == null || username.trim().isEmpty()
        if( StringHelper.empty( username ) ){
            session.setAttribute( "message" , "用户名不可以为空" );
            return false ;
        }

        String password = request.getParameter( "password" );
        if( StringHelper.empty( password ) ){
            session.setAttribute( "username" , username );
            session.setAttribute( "message" , "密码不可以为空" );
            return false ;
        }

        // 获取用户输入的验证码字符串
        String captcha = request.getParameter( "captcha" );
        if( StringHelper.empty( captcha ) ){
            session.setAttribute( "username" , username );
            session.setAttribute( "message" , "验证码不能为空" );
            return false ;
        }
        // 因为在 CaptchaImageServlet 中通过 session.setAttribute( "CAPTCHA" , code ) 设置属性
        // 所以通过属性名 "CAPTCHA" 可以获得保存在会话对象中的 验证码字符串
        String code = (String)session.getAttribute( "CAPTCHA" );
        // 比较会话中保存的验证码字符串 是否【不等于】 用户输入的验证码字符串
        if( !code.equalsIgnoreCase( captcha ) ){
            session.setAttribute( "username" , username );
            session.setAttribute( "message" , "你输入的验证码是错误的" );
            return false ;
        }

        return true ;
    }
}
